Share this post

Link to post

Share on other sites

The minidump doesn't directly implicate the ARW protection driver farflt.sys but as the issue is only present on your system with MBARW active or installed, we'd like to investigate further.

Our developers always request a complete memory dump rather than a minidump

We just yesterday released a new Component Update package to the 0.9.18.807 platform, version 1.1.117

It has several stability improvements. If you can consistently reproduce this issue, would you mind reinstalling MBARW, and let it update to the latest Component Update (CU) before attempting to run your game?

Configure Windows to create crash dumps on failures and not to restart automatically on system failure:

• Press the Windows key + R
• In the Run box type or copy/paste the following and press Enter or click on OK:

control sysdm.cpl

• Once the System Properties dialog opens, click on the Advanced tab.
• Click on the 'Settings...' button located under 'Startup and Recovery'.
• Under System failure make certain that 'Automatically restart' is unchecked. If it is checked, uncheck it.
• Click the drop-down menu under Write debugging information and select 'Complete memory dump' if that option is not already selected.
• Make certain that you know the path where the dumps are saved, which by default will be %SystemRoot%\MEMORY.DMP. (%SystemRoot% is typically C:\Windows)
• Make certain that 'Overwrite any existing file' is checked. If it is unchecked, check it.
• Click on OK, then on the next screen click OK to close it.

You will need to restart your system before these settings are fully enabled.

Should a system crash (BSOD) occur, please write down the significant information displayed, such as the file name indicated in the BSOD as well as any alpha-numeric error codes, so that you may provide them to the developers.
In addition, should such a crash (BSOD) occur, please provide the memory dump created by Windows.

It will be located at C:\MEMORY.DMP and will need to be copied out of that directory before additional handling can take place.

Please zip and upload it to Wetransfer or a similar file uploading service, and provide the download link for that file.https://www.wetransfer.com/

In addition, please provide the log file created by our arwlogs tool.

Next, we need to gather additional information to assist with our analysis. arwlogs.exeis an information gathering tool that neither installs nor does it make system/registry hive changes.

Download the trusted, Malwarebytes authoredarwlogs.exeutility/tool and save only to a systemAdministrator's desktopof the system in question.

Single right-click thearwlogs.exeicon and selectRun as administratorfrom the Windows context menu.

If a Windows User Account Control (UAC) alert/prompt forarwlogs.exeappears, select the "Yes" button to continue.

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff880014c70b2, The address that the exception occurred at
Arg3: fffff8800964f858, Exception Record Address
Arg4: fffff8800964f0c0, Context Record Address

Debugging Details:
------------------

DUMP_CLASS: 1

DUMP_QUALIFIER: 402

BUILD_VERSION_STRING: 7601.23915.amd64fre.win7sp1_ldr.170913-0600

DUMP_TYPE: 0

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: fffff880014c70b2

BUGCHECK_P3: fffff8800964f858

BUGCHECK_P4: fffff8800964f0c0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

Share this post

Link to post

Share on other sites

There are ~20 developers in my office and we all use MBARW for sometime now.

Yesterday, everyone in my office started getting BSODs at what seemed to be random times (by analyzing the logs in "C:\ProgramData\Malwarebytes\MB3Service\logs", we later realized that it was because we've received the update at different times).

We debugged the issue to be a conflict between the Microsoft C# compiler (csc.exe) and the MB3service.

NOTE: all of us got a different BSOD messages and since our PCs crashed multiple times before we found the problem, I can confirm that the BSOD message was always random, even when we did multiple tests on the same PC.

Share this post

Link to post

Share on other sites

I am also having this issue. Starting this morning (when restarting my computer for the first time in weeks) I consistently get a BSOD when trying to start Sybase SQL Anywhere 11. It gives stop code 0x0000007E and points to fltmgr.sys. After having this happen several times, I remembered the last time I was getting BSODs it was the anti-ransomware that was at fault. So I turned it off and that fixed the problem, meaning it's once again the culprit.

Share this post

Link to post

Share on other sites

What type(s) of activities were being performed at the time of the BSOD on your team's machines?

If you add an exclusion for the csc.exe or it's parent folder, does that alleviate the issue?

At the time of the BSOD, our project was being navigated for the first time after re-building in Visual Studio and deleting the temporary ASP.NET files (at which point the IIS is starting to generate the temporary files needed).

I cannot really test the exclusion right now, if I have the time, I'll try and do it tomorrow.

NOTE: this only happens with our largest solution (100+ .csproj projects) and does not happen with several other smaller ones.